Problem with Exchange Certificate

It appeared that we were having a certificate issue on our exchange server. I purchased a new UCC from GoDaddy and installed it.  However, even after installing this and running enabling cmdlet, I continue to get this error. No one can connect via Outlook or OWA. Help.

"The name on the security certificate is invalid or does not match the name of the target site exchangeserver.

... (Error Code 10)
PhilshAsked:
Who is Participating?
 
Will SzymkowskiConnect With a Mentor Senior Solution ArchitectCommented:
A new certificate should not have this affect on the storage groups or databases. Looks like it might be a different problem or just a second problem.

Will.
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
Did you put all of the correct SAN names on the new cert? When you try to go to mail.domain.com/owa what cert is it trying to use? You can reference the Thumbprint to ensure you are looking at the correct cert. You can find the Thumbprint under the details Tab.

Also re-run get-ExchangeCertificate and ensure that the new cert has all of the appropriate services applied.

Enable-Exchange Certificate -ThumbPrint xxxxxxxxxxxxxxxxxxxxxx -services "smtp,iis,pop,imap"
It should prompt to be the default: Y

Also checking IIS and seeing what cert it is using as well.

Will.
0
 
PhilshAuthor Commented:
Reran get-exchangecertificate and it shows all going to the right certificate.  How can I see what IIS is using? Thanks.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
PhilshAuthor Commented:
Do I need Exchangeserver as a SAN by itself with no xxx.org at the end?
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
You need to have your CN=mail.domain.com and you need to add all of the SAN names to it.
mail.domain.com
autodiscover.mail.com

You then need to make sure that your URL's correspond with the DNS names you have in your certificate SAN names.

Will.
0
 
PhilshAuthor Commented:
Looks like a bigger issue. I noticed that my storage groups are disabled. I cannot mount the database files. They are there but I I think the group has been damages as it won't let me enable them.
0
 
MAS (MVE)Connect With a Mentor Technical Department HeadCommented:
Please check this articles. It may help
EE
Technet

Use this for CSR generation
http://gallery.technet.microsoft.com/Exchange-20072010-and-2013-17a0b52f
0
 
PhilshAuthor Commented:
Multiple issues: both certificate and disk drive.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.